Besides this is an older article, I came here via Google. The suggestions are more or less incomplete.

In your index.txt every cert you generated is listed. As long as a valid (not expired) cert with the same DN is already available, you cannot create a new one with the same DN. There are multiple solutions:

1) Set unique_subject = no in index.txt.attr so you are allowed to generate as many certs with the same DN as you want. This is a bad solution since the D in DN means “distinguished”. If you generate multiple certs with the same DN, you can no longer easily distinguish them.

2) Delete the entry from the index. OpenSSL has no longer the knowledge about the already existing cert and will generate a new one. This is a quick and very dirty solution since the former generated cert is still valid and can be used. Same problem as in 1).

3) Revoke the already existing cert: openssl ca -revoke . The index.txt will be changed and the cert is marked as revoked/invalid. Now you can generate a new one with the same DN.